Antivirus/Security Product Certificate Criteria (v 3.1 June, 2020)
- These criteria are for Windows Platform only.
- The product or solution should have an individual anti malware module containing on access guard function.
- The product or solution will be tested (on-demand scan) against PCSL malicious file set and clean file set.
- 3.1 PCSL malicious file set contains known prevalent malware files not only malicious PE binaries but also malware like Marco virus, etc.
- 3.2 PCSL clean file set contains a large set of known clean PE binaries extracted from prevalent software downloaded from large download sites and also clean non-PE files.
- 3.3 Each time, we will randomly choose 100 thousand malicious file and a certain number of clean files to let the anti-malware solution scan against. Most of the files are prevalent in the past year.
- The detailed criteria is as follows:
- 4.1 In order to test against different antivirus software based on varieties of malware block technology, we have two guidelines on judging a high-performance anti malware product.
- 4.2 Scenario A: A product or solution need to be tested against these two sets (malware set and clean set) twice within 15 days. At least one time of detection rate (against malware sets) of 98% or above is required, average detection rate (against malware sets) of 96% or above is required. Each time, a low false positive rate (below 0.1%) is required.
- 4.3 If a product or solution cannot pass the criteria in 4.2 above then we will move to Scenario B:
- 4.3.1 A product or solution need to be tested against these two set (malware set and clean set) and at least 90% of the detection rate against malware set is required and a low false positive rate (below 0.1%) is also required.
- 4.3.2 Another malware set (300 fully executable and functional malicious binaries) and clean set (some clean installers) will be prepared. A static scan will be executed against each set and every binary file (after the antivirus/security product deletes the files which are detected as malicious) will be executed under the real time guard. Overall detection rate against this small malware set of 96% or above is required and zero behavioral false positive alarm is also required.
- 4.3.3 The antivirus/security product need to pass both 4.3.1 and 4.3.2 to pass the criteria under scenario B.
- 4.4 The certificate could be issued if passing the criteria either in scenario A of 4.2 or in scenario B of 4.3.
- A stability and performance certificate is required before the Antivirus/Security Product Certificate is issued.
- The validity period is one year from the date of certification issued.
Version: 3.1, Effective Date: 2020 June 25th
If you have any questions on the certification process, please feel free to contact us via info#pitci.com
